The Academy of Korean Studies(Hereinafter AKS) announces the Personal Information Management Guidelines provided below with a view to protecting the personal information of all parties concerned and handling the relevant petitions promptly and efficiently under Article 30 of the「Personal Information Protection Act」 (hereinafter“The Act”).

1. Purpose of Personal Information Management; Period of Personal Information Management and Storage; Items of Personal Information to be Managed

  • The foregoing can be checked as follows:
    Personal Information Protection Portal(www.privacy.go.kr) ▷ Personal Information Petition ▷ Request for the Inspection of Personal Information ▷ Inspection of the List of Personal Information Files ▷ Key in AKS as the name of the institution and you will be directed to the information required. The following personal information may be generated and collected automatically in the course of using the Internet service:
  • IP information, cookies, MAC address, and records of service use, website visits, and unauthorized use

2. Provision of Personal Information to a Third Party

A. The AKS shall manage personal information within the extent stipulated in Article 1 of the Act, and shall provide personal information to a third party only with the consent of the subject of the information and in the way stipulated in Article 17 of「the Act」.

3. The rights, responsibilities and the means of exercise of a data subject

A. In accordance with Article 35 of the Privacy Act (Access to personal information), a data subject can demand access to their personal information. However, such a request can be restricted in accordance with Item 5 of Article 35 of the Act as described below:
  • 1) if the access is prohibited or restricted by law;
  • 2) if the access has a possibility to endanger the life or physical safety of others, or improperly exploit the property or interests of other people;
  • 3) if the access can cause significant damage for public organizations in their execution of one of the following items:
    • A) Works related to the levy or collection of taxes or its refund;
    • B) Works related to student score assessment or admission process of various schools in accordance with 「Elementary and Secondary Education Act」and「Higher Education Act」 and life-long education facilities by 「Life-long Education Act」and other higher education institutes established by other laws;
    • C) Tests on formal schooling, functions or recruitment and works related to qualifications;
    • D) Works related to the calculation in progress of compensation payment/benefits or its judgment;
    • E) Works on currently-held assessment or investigation in accordance with other laws.
    The Process of access request
    The Process of access request
B. In accordance with Article 36 (Modification/deletion of personal information), a data subject can request to modify or delete personal information. However if the personal information is designated as the subject of collection by law, it is impossible to delete such information.
Scope and process of modification/deletion request
  • Modification of Information that is differently recorded from the fact
  • Deletion of the contents that has no such fact in a specific item
Scope and process of modification/deletion request
C. In accordance with Article 37 of Privacy Act (Processing suspension of personal information), a data subject can request processing suspension. However, if the processing suspension of personal information is requested, it can be refused by item 2 of Article 27 of the Act;
  • If there is a special provision or it is impossible to suspend processing such information in order to abide by legal obligation;
  • if it has a possibility to endanger the life or physical safety of others, or improperly exploit the property or interests of other people;
  • if it can hinder a public organization’s execution of its duty specified by other laws without processing the personal information;
  • if the data subject does not clarify their decision to terminate a contract, thereby impeding the execution of the contact (i.e. the promised service could not be delivered to data subject without processing the personal information)
Process of claiming processing suspension
Process of claiming processing suspension
Department in charge of accepting and treating requests for access, modification/deletion/ processing suspension of personal information
  • Personal Information Protection Department
  • Information Security Team
  • Choi Pil Jin
  • TEL: +82-31-709-6676 / E-mail: choipj@aks.ac.kr
D. Data subject can also claim access to his/her personal data via ‘Privacy Information Protection Portal’ (www.privacy.go.kr)
Ministry of Public Administration and Security’s Privacy Information Protection Portal → Civil Appeal for privacy information → Request personal information access of others (requires identity certification via means such as public I-pin)

4. Destruction of Personal Information

A. In the event that the AKS no longer requires specific personal information due to the achievement of the relevant purpose or expiry of the designated period for holding, the AKS shall immediately destroy such information.
B. In the event that the AKS needs to continue holding specific personal information despite the expiry of the designated period or achievement of the relevant purpose, the AKS shall transfer such information (or the relevant files) to a separate storage place, including a database.
C. Method and procedure of destroying personal information
  • 1) Procedure

    In the event that it is necessary to destroy personal information (or the relevant files), the AKS shall do so according to the designated procedure, i.e., Select such information or file (Obtain approval from the personal information protection manager) Destruction.

  • 2) Method

    Personal information recorded or stored in the form of an electronic file is destroyed by means of Low Level Format and the like to prevent its reproduction. Paper-based personal information is destroyed by a shredding machine or incineration.

5. Measures Taken to Protect Personal Information

A. The AKS shall take all technical, administrative and physical measures needed to keep personal information safe under Article 29 of「The Act」.
B. The AKS uses devices designed to block intrusion from outside, such as hacking and so forth, to prevent the leakage of personal information. Each computer server is equipped with an intrusion detection system that operates round the clock.
  • 1) Setting up an internal plan; minimization of the number of employees responsible for managing personal information; education

    The AKS appoints the minimum possible number of employees responsible for the management of personal information, and manages all personal information under an internal plan.

  • 2) Control of access to personal information

    The AKS takes all necessary measures to control access to the database containing personal information by periodically checking those authorized for such access, and uses a system designed to block intrusion from outside.

  • 3) Keeping records of access

    The AKS keeps records on access to the personal information management system for at least six months and uses a security system to prevent the forgery, theft or loss of the records.

  • 4) Use of locked place

    The AKS make it a rule to keep documents containing personal information and other relevant information storage devices in a secure locked place.

7. Personal Information Protection Manager

A. The AKS designates a Personal Information Protection Manager as follows to take responsibility for managing personal information, handling the relevant complaints, and remedying any damages there from.

Information Security Team Manager

  • Hong Jong Ho
  • Chief of Information Security Team
  • TEL: +82-31-709-4414 / E-mail: jhhong@aks.ac.kr

Personal Information Protection Department

  • Information Security Team
  • Choi Pil Jin
  • TEL: +82-31-709-6676 / E-mail: choipj@aks.ac.kr
B. The Personal Information Protection Manager and the Information Security Management Team will immediately comply with any requests and answer any inquiries made by the subject(s) of information concerning the protection of their personal information, complaints, and the remedying of damages.

7. How to Remedy Damages Arising from Infringement of Rights

With regard to matters concerning the remedying of damages arising from an infringement of rights, the subject of information may contact the following institutions:

118 Center operated by the Korea Internet Security Agency (KISA)

  • Business: Reports on personal information infringement or relevant counseling
  • Website : privacy.kisa.or.kr
  • TEL: +82-118
  • Address : Personal Information Infringement Report Center, KISA 135 Jungdae-ro, Songpa-gu, Seoul, 138-950

Secretariat of Personal Information Dispute Resolution Committee operated by KISA

  • Business : Personal information-related arbitration (both for individuals and groups)
  • Website : privacy.kisa.or.kr
  • TEL: +82-118
  • Address : Personal Information Infringement Report Center, KISA 135 Jungdae-ro, Songpa-gu, Seoul, 138-950

Internet Crime Investigation Center of the supreme Prosecutors' Office of the Supreme Prosecutors’ Office

The Cyber Terror Response Center of the National Police Agency

8. Installation and Operation of Image Data Processing Equipment

A. The AKS operates image data processing equipment as follows:
  • 1) Purpose: Facility safety and fire prevention
  • 2) A total of 71 units in connection with the need to monitor major facilities
  • 3) Employees in charge: See the following table:
    • TEL: +82-31-709-8111
    Employees in charge: Part, Name, Position, Places installed, Ext.
    Part Name Position Places installed Ext.
    Employee in charge of management Im Jeong-hun Chief, General Administration Team Main Building, Munhyeonggwan, Jinhyeongwan, Hakhyeongwan, Main Gate 710
    Employee authorized for access Park Tae-ho 712
    Employee in charge of management Yoo Ae-ryung Chief, Division of Cultural Content Compilation Kukeunkwan 610
    Employee authorized for access Yoo Min-uk 525
    Employee in charge of management Gwak Seon-Yeong Chief, Division of Cultural Informatics Library 430
    Employee authorized for access Kim Gi-tae 434
    Employee in charge of management Yoo Young-hee Chief, Library Information & Management Team Jangseogak Archives 415
    Employee authorized for access Yun Dae-bong 439
  • 4) Period of Recording and Period and Place of storage
    • Period of Recording: 24/7
    • Period of Storage: For 30 days from the time of recording
    • Place of Storage: Control room for image data processing equipment at each building
  • 5) Inspection of images : Requests should be addressed to those in charge of management
  • 6) Request for inspection of image data by the subject of information :
    Such a request should be made in accordance with the AKS’s internal procedure. We shall comply with such a request only when the subject of information is contained in the shot and there is a clear need for the inspection in the interest of protecting the privacy and/or assets of the subject of information.
  • 7) Technical, administrative and physical measures for the protection of image data :
    The measures taken by the AKS to protect image data include the establishment of an internal management plan, access control, safe storage of data, application of transmission technology, maintenance of processing records, prevention of forgery, and installation of a lock.

9. Amendment of Personal Information Management Policies

A. These Policies shall take effect from the date stated below. In the event of a change in the Policies under the relevant law or guidelines, such change will be put on public notice 7 days in advance of its implementation.
Date of Public Notice: March 28, 2012 / Date of Implementation : April 4, 2012
TOP